Jawbone has notified some users that its MyTALK service has been hacked, with the cloud app and firmware update platform supposedly seeing names, emails, and encrypted passwords raided. The security hack was revealed in an email to registered users today, warning them that “limited user information” had been stolen, though suggesting that there was no sign of any unauthorized use of that login data, or access to account information, that Jawbone could see.
Jawbone launched the MyTALK service back in 2010, alongside the ICON Bluetooth headset, as a way to deliver not only firmware updates to its Bluetooth-enabled products, but add cloud-based services. For instance, Jawbone allows headset users to add number speed-dials to the multifunction button via MyTALK, as well as change the voice of the spoken command prompts.
As a response to the hack, Jawbone has disabled existing passwords and users must reset them if they want to log back into MyTALK. Technical details are yet to be revealed, with the company only saying that it was an “isolated attack on our system.”
Jawbone is keen to point out in its message that the passwords taken were encrypted, and as such the actual passwords themselves weren’t revealed. We’ve got a request in for more information from Jawbone and will update when we know more.
[Thanks Matt!]
Jawbone MyTALK hacked: Names, emails and encrypted passwords stolen is written by Chris Davies & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.
Hacking highlight: “Sustained attack” on US called out by intelligence report
The US is under sustained attack from a vast cyber-espionage campaign that, though broadly invisible to the public, has the potential to significantly threaten the economic performance of the country as a whole, according to a new report. China is the most active of the hacking culprits, sources tell the Washington Post having had privileged access to the new National Intelligence Estimate, but are not alone in targeting fields as broad as energy, finance, and technology in the hunt for a commercial edge. As well as technological methods of defense, the US is also apparently considering more unusual strategies to battle the growing number of state-led attacks.
Cyber-espionage has grown in prevalence and attention over the past few years, and according to one Obama administration official – speaking on the understanding of anonymity – “it’s known to be a national issue at this point.” China is widely believed to lead the field, but Russia, Israel, and France are all believed to have been called out by the new report as having “engaged in hacking for economic intelligence.”
China officially denies any government involvement or official economic strategy that includes hacking US companies, but the report is in accordance with other recent claims that Chinese employees are persuaded or coerced to steal content from their US employers or partners.
The NIE holds off from making specific claims about the exact potential for financial impact on the US economy, though there is no shortage of analyst commentary speculating on anything up to $100bn in annual losses.
Though the National Intelligence Estimate’s findings and recommendations are undoubtedly of great interest to US businesses, a public release of the report is not on the cards. A spokesperson for the department responsible for its authorship has said that there will be no unclassified summary, excerpt, or other disclosure, and that “as a matter of policy” it will not be publicly detailed.
However, the US government is expected to release a separate report on trade-secrets protection, which will detail ways in which US companies can work with legislators and lawmakers to ensure their valuable intellectual property is defended. A parallel executive order demanding voluntary standards for particularly high-profile organizations in the private sector is also tipped for release, potentially as early as this week.
Back in January, meanwhile, the US Cyber Command division – the taskforce that challenges cyber-espionage among other threats – gained new teeth for its online war. Three new teams, handling Pentagon infrastructure, US-wide infrastructure, and proactive cyber-attack, have been formulated, to challenge the growing number of hacking attempts.
Hacking highlight: “Sustained attack” on US called out by intelligence report is written by Chris Davies & originally posted on SlashGear.
Reports are coming in that in the final days of 2012 hackers were able to pull off a major scam using ATMs and prepaid credit cards. The attack was so successful that Visa warned all US payment card issuers to be on high alert for additional ATM cash-out fraud schemes in 2013. Sources in the financial industry and law enforcement cited by Krebsonsecurity.com say that thieves made off with approximately $9 million in the scam.
The sources claim that the attackers used a small number of reloadable prepaid debit cards to pull cash out of ATMs in at least a dozen countries. According to the sources, the crooks took approximately $9 million in only a few hours. The sources also claim that around New Year’s Eve the group struck again.
The second attack occurred on ATM networks in India and resulted in the thieves making off with a little less than $2 million according to investigators. This sort of attack is typically avoided because the reloadable, prepaid debit cards are limited to low dollar amounts being withdrawn within a 24-hour period. However, the criminals were somehow able to increase or completely eliminate those withdrawal limits for the accounts they control.
Visa says that the attacks were made possible because the hackers were able to gain access to issuer authorization systems and card parameter information. Once the hackers had access to that information, they were able to manipulate daily withdrawal amount limits, card balances, and other parameters. Visa says that in some instances over $500,000 was withdrawn from a single card within 24 hours.
[via Krebsonsecurity]
Hackers steal millions from ATMs on Christmas Eve is written by Shane McGlaun & originally posted on SlashGear.
Twitter apparently pursuing two factor authentication in wake of security breach
A few days ago, Twitter announced that it was targeted by hackers and 250,000 accounts have been compromised. When the attack was discovered, Twitter revoked the security tokens for those affected accounts and reset passwords. The account owners were sent e-mails telling them to reset their password.
In the wake of the massive attack, Twitter is apparently pursuing improved authentication. Information Week reports that a job listing discovered early this week on the Twitter website seeks a software engineer for product security. The job description seeks someone with experience designing and developing user-facing security features including multifactor authentication.
The job also wants the new employee to be familiar with fraudulent login detection techniques. The job listing turned up Monday and Information Week reports that Twitter didn’t respond to requests for comment about whether or not it was planning to implement two-factor authentication. A number of large websites do use two-factor authentication, and one of the most notable is PayPal.
Dropbox also now offers two-factor authentication after hackers were able to steal passwords for some user accounts. Interestingly, some of the owners of affected accounts in the big hack discovered recently note that their expired passwords still work when they log into Twitter via the Twitter API used by third-party tools. Twitter maintains that it reset all passwords for affected accounts. However, it appears that Twitter didn’t expire OAuth session tokens, allowing third-party applications to continue accessing Twitter with expired passwords.
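The gap described above, a password reset that leaves previously issued OAuth tokens alive, is easy to reproduce in a small token store. The example below is added here and is not Twitter's code; it uses a per-user credential generation number (an assumed design, not anything Twitter has described) so that a proper reset invalidates every token minted before it, while the weak reset changes only the password hash.

```python
"""Added example (not Twitter's code): a password reset must also revoke
OAuth/session tokens. Tokens carry the credential generation they were
issued under and are only valid while it matches the user's current one."""
import hashlib, hmac, os, secrets
from dataclasses import dataclass


@dataclass
class User:
    pw_hash: bytes
    salt: bytes
    cred_gen: int = 0          # credential generation; bumped on a proper reset


@dataclass
class Token:
    user: str
    cred_gen: int              # generation the token was issued under


class AuthStore:
    def __init__(self):
        self.users = {}
        self.tokens = {}       # token string -> Token (constructed in-memory store)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, name, password):
        salt = os.urandom(16)
        self.users[name] = User(self._hash(password, salt), salt)

    def check_password(self, name, password):
        u = self.users[name]
        return hmac.compare_digest(u.pw_hash, self._hash(password, u.salt))

    def issue_token(self, name):
        """Mint a bearer token, e.g. an OAuth token for a third-party app."""
        t = secrets.token_hex(16)
        self.tokens[t] = Token(name, self.users[name].cred_gen)
        return t

    def token_valid(self, t):
        tok = self.tokens.get(t)
        return tok is not None and tok.cred_gen == self.users[tok.user].cred_gen

    def reset_password_weak(self, name, new_pw):
        """The failure mode in the article: new hash, old tokens still work."""
        u = self.users[name]
        u.salt = os.urandom(16)
        u.pw_hash = self._hash(new_pw, u.salt)

    def reset_password(self, name, new_pw):
        """Correct reset: rotate the hash and revoke every outstanding token."""
        self.reset_password_weak(name, new_pw)
        self.users[name].cred_gen += 1
```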
[via Information Week]
Twitter apparently pursuing two factor authentication in wake of security breach is written by Shane McGlaun & originally posted on SlashGear.
Twitter warns of a concerted hacking attempt, says 250,000 might be affected
Now would be a good time to refresh your Twitter password. The social network has revealed that there was at least one attack on its servers this week that may have collected email addresses, passwords (thankfully encrypted) and session tokens for about 250,000 users. The real risk to users is unknown, but Twitter raises our eyebrows when it suggests that this was more than just a casual scripting hack: it claims the intrusion attempt was “extremely sophisticated,” and that other firms might have been subject to a similar breach. You’ll know that you were immediately affected only if you see Twitter send a notice of a forced password reset, like what you see pictured above. We’d be cautious, all the same — when such attempts seemingly increase in frequency by the day, it’s not a bad idea to stay on guard.
Source: Twitter
WSJ and NYT accuse Chinese hackers of infiltrating their newsgathering systems
And the saga continues. Just a year after Bloomberg News was reportedly targeted by Chinese hackers, both The Wall Street Journal and The New York Times have independently published reports suggesting that they too are being probed. Both organizations seem to think that it’s all part of a larger scheme, with Chinese hackers sifting through newsgathering systems of outlets that are reporting on touchy subjects. As the Times puts it: “The attacks appear to be part of a broader computer espionage campaign against American news media companies that have reported on Chinese leaders and corporations.”
When asked about such a possibility, China’s Ministry of National Defense (unsurprisingly) denied the allegations, noting that “to accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless.” As it stands, the FBI is already looking into various attacks of this nature, but strangely, the hacking attempts aren’t being universally viewed as malicious. Paula Keve, chief spokeswoman for Dow Jones & Co., stated: “Evidence shows that infiltration efforts target the monitoring of the Journal’s coverage of China, and are not an attempt to gain commercial advantage or to misappropriate customer information.” As you’d expect, both outfits are stepping up security in a major way in hopes of fending off any future attempts.
Google’s Chrome security team has taken the wraps off its latest Pwnium competition. This time out, the target is Chrome OS on a Samsung Series 5 550, and as ever, the company’s putting its money (and nerd cred) where its mouth is, offering up a $Pi million in rewards (that’s a lofty $3.14159 million) for the third round of the competition. Amongst the payouts are $110,000 for a “browser or system level compromise in guest mode or as a logged-in user, delivered via a web page” and $150,000 for a “compromise with device persistence — guest to guest with interim reboot, delivered via a web page.” The company is also putting some weight behind the upcoming Pwn2Own competition, which goes down at CanSecWest in Vancouver in March. More info on both can be found at the source link below.
Source: Chromium
The US Cyber Command division, the Pentagon’s cybersecurity team established to tackle a new age of digital threats, will be considerably expanded with new specialists in both offensive and defensive technologies, the Defense Department has confirmed. A trio of task-forces will be established, populated with a fresh intake of experts, with the division “constantly looking to recruit, train, and retain world class cyberpersonnel” a spokesperson told the NYTimes. Recent attacks on US infrastructure left the Defense Department convinced that it needed to bolster its own forces.
The three new divisions will deal with more traditional issues of security, as well as toughening up defenses around US infrastructure. The “cyber protection forces” will be responsible for keeping the Pentagon’s own systems secured, while the “national mission forces” will play a similar role for broader infrastructure, such as the US power grid and other essential components vital to keeping the country moving.
Finally, the “combat mission forces” team will take a more proactive role in warfare, planning and executing attacks. The three new divisions are the handiwork of Defense Secretary Leon E. Panetta, who has previously made ominous public warnings suggesting that cyberterrorism will be the next significant war the US will face. Last year, he coined the term “cyber-Pearl Harbor” to describe an unexpected digital strike on US government and infrastructure.
China, Russia, Iran, and other militant groups have been singled out as potential aggressors, with security officials saying that web-based battles have already commenced; it’s not always clear whether attacks are government-sanctioned or initiated by independent groups. Back in July 2011, the Pentagon confirmed it was treating cyberspace as an operational domain, just as it does land, air, and sea.
US Cyber Command gets new teeth for online warfare is written by Chris Davies & originally posted on SlashGear.
A UK government agency has slapped Sony’s wrist with a £250,000 ($400,000) penalty for not doing enough to protect the personal information of its customers. The fine specifically concerns the large-scale PSN hack in April 2011, which the Information Commissioner’s Office (ICO) says “could have been prevented.” The agency’s head, David Smith, said that the security measures Sony had in place “were simply not good enough.” He added that Sony trades on its technical know-how, and had access to the necessary expertise to protect itself from criminal attacks:
“There’s no disguising that this is a business that should have known better.”
Though the size of the fine might seem piddling for an outfit like Sony, the ICO considers it to be a “substantial” punishment, reflecting the fact that this case is “one of the most serious” that has ever been reported to it. Check out David Smith’s statement and best angry teacher face in the video after the break.
Update: Sony Computer Entertainment Europe emailed us to say that it plans to appeal the decision. The company also agrees with the ICO’s findings that although it was the victim of a focused criminal attack, it was unlikely that personal data accessed was used for “fraudulent purposes”.
Source: ICO